GSA Privacy Program

GSA follows the requirements of the Privacy Act which protects personal information that GSA maintains in systems of records (SORs). A system of records is a file, database, or program from which personal information is retrieved by name or other personal identifier. Our Privacy Act System of Records and Notices identifies systems that contain Personally Identifiable Information (PII), and these are reviewed periodically to ensure they are relevant, necessary, accurate, up-to-date, and covered by the appropriate legal or regulatory authority. We use the Privacy Impact Assessment (PIA) as a key tool to ensure that privacy issues and protections are addressed within information technology systems that contain any PII. GSA takes the security of the PII we maintain very seriously. We protect PII security and confidentiality through various methods including security technologies and strict access controls.

GSA's Privacy Act program establishes the processes and procedures, and assigns responsibilities, for fulfilling the Privacy Act's mandate. Also published here is our privacy policies and practices as they apply to GSA employees, contracting requirements, contractors, and clients.